Commit graph

7125 commits

Author SHA1 Message Date
Roman Tkachenko 1e09b825f6
Port fixes from v8 (#9397)
* Update oxy
* Do not allow MySQL COM_CHANGE_USER command
* Add support for all MongoDB wire messages
* Drone fix
2021-12-15 06:38:05 +00:00
Russell Jones cf7696cad6 Fixed IsInternal issue in Check workflow.
Fixed issue where IsInternal was returning false for docs reviewers in
the Check workflow.
2021-12-14 18:26:20 -08:00
Russell Jones 821e317b3f Updated checking logic for code owners.
Check logic will now approve with two code owner approvals along with
single code owner + code reviewer approval.
2021-12-14 13:51:45 -08:00
Andrew Burke e5ba176a34
Enable canned ACL for S3 (#9042)
This change allows admins to specify a canned ACL when using S3.
2021-12-14 20:31:56 +00:00
Marek Smoliński c9ee98b6af
Doc update mongo postgres separate listeners (#9340) 2021-12-14 17:42:12 +00:00
Joel 2702856908
Allow a configurable event TTL in DynamoDB (#8840) 2021-12-14 18:04:44 +01:00
Marek Smoliński f906831e58
Add ability to run Mongo proxy on separate listener (#9194) 2021-12-14 14:26:14 +01:00
Alex McGrath 3df447f19d Include --insecure options for teleport {db|app} 2021-12-13 23:22:15 +00:00
Jim Bishopp 4127f1848a
Fix app server goroutine leak (#9332)
Fixes https://github.com/gravitational/teleport-private/issues/79
LAT-APP21-4: DOS - Goroutine leak in app server

Prevent the app server's HandleConnection from blocking for 
every connection until the server closes. This change blocks 
only until the connection is closed.
2021-12-10 21:28:51 +00:00
Marek Smoliński d24ae5b1ce
Add ability to run Postgres proxy on separate listener (#8323) 2021-12-10 11:05:19 +01:00
Edoardo Spadolini c3dee235a2
Ensure we don't miss the resolution of an access request (#9193)
This makes it so that tsh will watch for access request resolution on the
correct (root) cluster, and it will not create access requests before the event
watcher is ready.

Fixes #9003 and #9244.
2021-12-10 08:09:36 +00:00
Chongyang d19fe1cc99 Run tsh play requests with correct CLI context 2021-12-09 21:58:58 -08:00
Michael Ferranti 4ff0f3c45f Delete extra % sign
with the function, it renders like this, so deleted the % sign.

"Teleport Cloud commits to SLA of 99.5%% of monthly uptime percentage, a maximum of 3 hours 40 minutes of downtime per month."

Either need to merge this PR or fix in the function.
2021-12-09 21:58:58 -08:00
Isaiah Becker-Mayer 368f934739 [auto] Update webassets in master
6f80eee move jest rules to test overrides (#498) https://github.com/gravitational/webapps/commit/6f80eee

[source: -w master] [target: -t master]
2021-12-09 21:58:58 -08:00
Steven Martin f79ad49e5b Update example username desktop service to single quotes 2021-12-09 21:58:58 -08:00
quinqu 759f44c1f6 Correct Dismiss function spelling. 2021-12-09 21:58:58 -08:00
Zac Bergquist a165ad2fcb Tweak LDAPS troubleshooting docs
Make it clear that an LDAP connection reset can be due to attempting
to connect on port 389 (which is what our original instructions advised)
2021-12-09 21:58:58 -08:00
matheus e8f3b54684 Improve error message when TOTP is not valid 2021-12-09 21:58:58 -08:00
Forrest Marshall d2a55b62b8 fix racy test 2021-12-09 21:58:58 -08:00
Jeff Anderson 704b28fcaf bump nginx1.12 to nginx1
amazon_linux_extras has marked nginx1.12 topic as EOL and nginx1 is the
new stable topic to use.
2021-12-09 21:58:58 -08:00
Jeff Anderson 30acd1c5a7 Use in-memory cache for autoscale HA cluster
* Use in-memory cache for autoscale HA cluster
* bump max_connections and add BATS test
2021-12-09 21:58:58 -08:00
Travis Haas 27708b30e1 Add PDB to teleport-kube-agent chart
* Add PDB to teleport-kube-agent chart
* Support a root value of replicaCount
* Update lint values for kube-agent pdb
* Add changes to statefulset
2021-12-09 21:58:58 -08:00
David Heitman 5601c085c0 Optionally allow cluster_name to override public_address being used for cluster_name 2021-12-09 21:58:58 -08:00
Trent Clarke 6916e64ce6
Disable drone triggers (#9313)
Removes all Drone CI tasks from `dronegen` and `.drone.yml`
2021-12-10 15:46:27 +11:00
Jane Quintero 36e4570db6
Check If HEAD Branch Is A Fork (#9302) 2021-12-09 23:30:48 +00:00
Zac Bergquist 3a50912e77
Fix the CRL distribution point in Windows certs (#9299)
A bug introduced in #9152 resulted in us publishing a CRL distribution
point to LDAP which was different than the one encoded in the certs.

Refactor the logic for generating these DNs into shared methods
and add test coverage that verifies the certs meet Windows requirements.

Fixes #9292
2021-12-09 22:04:23 +00:00
Forrest Marshall 2e5ea8fb98 improve lock tests 2021-12-09 13:01:35 -08:00
Forrest Marshall 6f3ce8d3f5 improve Cache.ListNodes perf 2021-12-09 13:01:35 -08:00
Forrest Marshall dfd3732c6b improve concurrent watcher registration perf 2021-12-09 13:01:35 -08:00
Forrest Marshall d52241d969 bump backend limit 2021-12-09 13:01:35 -08:00
dmitri 47b8981de9 Remove uploadCtx/uploadDone as these are automatically reflected with uploadLoopDoneCh 2021-12-09 12:14:45 -08:00
dmitri 5e0c8c9b9a Do not use the server's context to complete the stream - it might have
been already cancelled.
Proto stream to make sure the streams have been completely written
before exiting from Close.

Bug reference: https://drone.teleport.dev/gravitational/teleport/7755/1/7
2021-12-09 12:14:45 -08:00
Jim Bishopp 0ba6809cc4
Fix CryptoRandomHex function (#9186)
Fixes https://github.com/gravitational/teleport-private/issues/80
LAT-APP21-5: Insecure random number generation

- updated rand call from rand.Reader.Read to rand.Read
- changed length parameter name from len to l.
- changed byte slice var name to b.
- updated godoc
2021-12-09 19:50:44 +00:00
rosstimothy 74f553c354
Fix panic running TestIntegration/RotateChangeSigningAlg (#9316) 2021-12-09 13:11:18 -05:00
STeve Huang 4e3f795e8f
Add --cluster flag to all tsh db subcommands, Add "--diag_addr" flag to teleport db/app start (#9220)
* add diag to teleport db/app start

* db --cluster flag supports

* add some ut and fix issue ~/.tsh get removed during test

* working mongodb

* fix logout

* fix ut

* code review comment

* fix mysql
2021-12-09 11:24:39 -05:00
Alex McGrath 8fbcafe798 tool/tctl: Log when requested ttl isn't granted for a cert 2021-12-09 14:05:33 +00:00
Zac Bergquist 031fae2c6e
Replace "loose" with "lose" (#9284) 2021-12-09 03:12:15 +00:00
Justinas Stankevičius d32c7e9d7f
Avoid "Entering/Leaving directory" output in Make (#9246) 2021-12-09 02:47:49 +00:00
Josh Wieder 70ebd1f0c0 Update docker-compose.yml
tutum/curl has been deprecated and turned private on dockerhub for years. curlimages/curl works.
2021-12-08 18:27:48 -08:00
Rosalind Lutsky f971c1f0ad Add thredUP case study to adopters page 2021-12-08 18:27:48 -08:00
Gus Luxton aada505207 Fix confusing port example in standalone docs
External listeners should always be on port 3026, not 3027. This `kube_public_addr` doesn't conform and is causing confusion.
2021-12-08 18:27:48 -08:00
Alexey Ivanov 93e299741d Add scopes description to the docs 2021-12-08 18:27:48 -08:00
Sagi Sarussi 0878271e48 Remove duplicate YouTube link 2021-12-08 18:27:48 -08:00
Cody Roseborough cad8fa4576 Add missing parenthesis in README 2021-12-08 18:27:48 -08:00
Alen a5e1fd2dd1 remove sudo from yum install
removed sudo from yum install b/c it's not required and causes issues with security hardened base AMIs
2021-12-08 18:27:48 -08:00
Russell Jones 598e2417ad Update check.yaml 2021-12-08 17:43:59 -08:00
Alexander Klizhentas b79655738c Improve docs for per-session MFA
Better note that removes confusion.
2021-12-08 17:06:26 -08:00
Jane Quintero 9b5fd64431
Check if PR is from a fork before dismissing runs. (#9300) 2021-12-08 16:12:50 -08:00
Alan Parra e854a82c1c
Add Security and UX sections to the canonical RFD (#9251)
* Add Security and UX sections to the canonical RFD

* Add guidance for Security and UX
2021-12-08 19:43:30 -03:00
Zac Bergquist 1a9416c19f
Fix CheckAndSetDefaults for UserTokenSecretsV3 (#9290)
Since CheckAndSetDefaults mutates the receiver, we need a pointer
receiver.
2021-12-08 12:00:03 -08:00